In chat @CSDUMMI pointed to the ongoing discussion on new PyPI rules that require “critical” packages to use 2-factor authentication (2FA) or be expelled from the index. The discussion relates to this blog post and the response to it. Passing just for background context:

Congratulations: We Now Have Opinions on Your Open Source Contributions by Armin Ronacher (see also: HN discussion)
Yes, I have opinions on your open source contributions by James Bennett (see also: HN discussion)

Problem FOSS...
These blog posts and the big discussions around them were the trigger to write the idea down: